* [OE-core][scarthgap][PATCH] libpam: mark CVE-2025-6018 as not applicable
@ 2025-10-21 13:59 Anders Heimer
0 siblings, 0 replies; only message in thread
From: Anders Heimer @ 2025-10-21 13:59 UTC (permalink / raw)
To: openembedded-core; +Cc: Anders Heimer
CVE-2025-6018 is a local privilege escalation in PAM that requires
`user_readenv=1` to be enabled in the PAM configuration. The default
configuration does not enable reading user environment files (user_readenv
is 0 by default). Hence this vulnerability cannot be exploited using the
default configuration.
Signed-off-by: Anders Heimer <anders.heimer@est.tech>
---
meta/recipes-extended/pam/libpam_1.5.3.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb
index 4c27767ab1..79a0e9f694 100644
--- a/meta/recipes-extended/pam/libpam_1.5.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -39,6 +39,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
+CVE_STATUS[CVE-2025-6018] = "not-applicable-config: Default PAM config does not use user_readenv=1"
+
DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
EXTRA_OECONF = "--includedir=${includedir}/security \
base-commit: f16cffd030d21d12dd57bb95cfc310bda41f8a1f
--
2.34.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-21 13:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-21 13:59 [OE-core][scarthgap][PATCH] libpam: mark CVE-2025-6018 as not applicable Anders Heimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox